Re: Fwd: Heads up: OpenSSH users

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



> On Jan 15, 2016, at 10:31 AM, Johnny Hughes <johnny@xxxxxxxxxx> wrote:
> 
> On 01/15/2016 08:55 AM, Noam Bernstein wrote:
>> I see that this is a CentOS 7 patch only, at least so far.  I also see that the CentOS 6 ssh version is 5.3
>> 	> /usr/bin/ssh -V
>> 	OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
>> which is supposedly not affected. However, strings indicates that /usr/bin/ssh is also aware for the useroaming configuration option:
>> 	> strings /usr/bin/ssh | grep -i useroam
>> 	useroaming
>> Is it actually known that the ssh version shipped with CentOS 6 is not vulnerable, or is it just assumed based on the version number?  The announcement implies that the roaming code itself was added in 5.4, not just that a default was changed, but if that’s really true, why is that string in the binary?
> 
> 
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=1298032#c16
> 
> (see comment 16)

Yes, that answers my question. Thanks.

								Noam

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos




[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux